Re: [UPnP-SDK-discuss] UPNP Server/Application Gateway for Linux

2002-04-08 Thread Harald Welte
On Sun, Apr 07, 2002 at 03:48:26PM +0200, Henrik Nordstrom wrote: On Sunday 07 April 2002 12:07, Brian J. Murrell wrote: Dynamically inserting/removing rules seems like a big hack, but not like a solution. Why? I thought that userspace solutions were _always_ considered the better

Re: [UPnP-SDK-discuss] UPNP Server/Application Gateway for Linux

2002-04-08 Thread Henrik Nordstrom
On Monday 08 April 2002 05:36, Brian J. Murrell wrote: But even with it, I have to trust the client app that it will do good (and secure) with the hole in the firewall that I have allocated for it. See my earlier message. The holes should be subject to your firewalling policy. Oh. I see

Re: [UPnP-SDK-discuss] UPNP Server/Application Gateway for Linux

2002-04-08 Thread Nils Ohlmeier
On Monday 08 April 2002 16:29, Brian J. Murrell wrote: On Mon, Apr 08, 2002 at 11:16:38AM +0200, Harald Welte wrote: I totally agree. Of course those 'orders' would need to go through some firewall-admin defined policy, before hitting netfilter/iptables. If it is indeed possible to do

RE: [UPnP-SDK-discuss] UPNP Server/Application Gateway for Linux

2002-04-08 Thread Glover George
Brian you always wrote about trusting your clients. sarcastic If you do not trust your clients don't connect them to the internet. /sarcastic How do you know in detail what your clients send or receive over connections to port 80? I assume that nearly all readers of this mailing list

Re: [UPnP-SDK-discuss] UPNP Server/Application Gateway for Linux

2002-04-08 Thread Eric Wirt
Message - From: Harald Welte [EMAIL PROTECTED] To: Henrik Nordstrom [EMAIL PROTECTED] Cc: Eric Wirt [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Sunday, April 07, 2002 5:12 AM Subject: Re: [UPnP-SDK-discuss] UPNP Server/Application Gateway for Linux On Sun, Apr 07, 2002 at 12:55:37AM +0200

Re: [UPnP-SDK-discuss] UPNP Server/Application Gateway for Linux

2002-04-08 Thread Henrik Nordstrom
On Monday 08 April 2002 16:29, Brian J. Murrell wrote: If it is indeed possible to do this. How does the UPnP determine for what purposes a client request is being made? If the answer is "well, the client says what it is for" then again, that is useless. There are multiple choices here. a)

Re: [UPnP-SDK-discuss] UPNP Server/Application Gateway for Linux

2002-04-08 Thread Henrik Nordstrom
On Monday 08 April 2002 18:03, Nils Ohlmeier wrote: Brian you always wrote about trusting your clients. sarcastic If you do not trust your clients don't connect them to the internet. /sarcastic How do you know in detail what your clients send or receive over connections to port 80? I assume

Re: [UPnP-SDK-discuss] UPNP Server/Application Gateway for Linux

2002-04-08 Thread Nils Ohlmeier
On Tuesday 09 April 2002 01:18, Henrik Nordstrom wrote: But this thread is about how we can provide UPnP port mapping within iptables/netfilter in a sensible manner, not how poor the reality of Internet security actually is when you do not trust your clients at all. I say providing UPnP with

Re: [UPnP-SDK-discuss] UPNP Server/Application Gateway for Linux

2002-04-08 Thread Henrik Nordstrom
On Tuesday 09 April 2002 03:48, Brian J. Murrell wrote: I must be missing something here because we seem to be going around and around on this issue. There are no defined ports that you can discern what gets opened and what doesn't. It sounds to me like all ports are ephemeral, which makes

Re: [UPnP-SDK-discuss] UPNP Server/Application Gateway for Linux

2002-04-08 Thread Henrik Nordstrom
On Tuesday 09 April 2002 03:48, Nils Ohlmeier wrote: If I understand the spec correctly, a UPnP daemon also has to provide control over your ppp-daemon. The main aspect of the spec is configuring and controlling your dialup connection and the possibility to configure port-forwarding is

Re: SIP conntrack/NAT (Re: [UPnP-SDK-discuss] UPNP Server/Application Gateway for Linux)

2002-04-07 Thread Tom Marshall
The 'official' IETF approach on how to NAT SIP/SDP is that you have to run some SIP proxy, which communicates the to-be-opened port and NAT mappings over some protocol (formerly FCP, firewall configuration protocol) to the firewall. And how is the SIP proxy any safer than allowing

Re: [UPnP-SDK-discuss] UPNP Server/Application Gateway for Linux

2002-04-07 Thread Henrik Nordstrom
On Monday 08 April 2002 00:28, Brian J. Murrell wrote: Right! But my impression is that you have no idea which application is requesting the access through the UPnP server. A security policy of allow whatever the clients ask for is no security policy at all, and unless the firewall/UPnP